Commit Graph

633 Commits

Author SHA1 Message Date
Love Hörnquist Åstrand
8fccb51d49 Merge pull request #12 from nicowilliams/krb5_admin_patches_2nd
Krb5 admin patches 2nd

This has all the patches needed for krb5_admind to build and pass most tests, that includes:
- more kadm5 API compatibility (including very basic profile functionality)
- multi-kvno support (useful for key rollovers) (a test for this is included in tests/db/check-kdc)

Unfinished:
- password history (currently uses key history, needs to be separated and use digests)
- policies (only default policy allowed)
- mit kdb changes not tested yet


Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-24 15:41:36 -07:00
Linus Nordberg
2e35198908 Add version-script.map to _DEPENDENCIES.
Added to 11 out of 14 directories with map files.  Not lib/ntlm,
lib/hcrypto and kdc which have the map file as an explicit dependency
to _OBJECTS.

Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-24 14:07:59 -07:00
Love Hörnquist Åstrand
f60ec15834 partly unify enctype/keytype since there are only enctypes 2011-07-24 14:03:08 -07:00
Nicolas Williams
95262936c7 s/assert/heim_assert/ and remove dead code 2011-07-24 11:07:27 -05:00
Love Hörnquist Åstrand
12403a31ce sprinkle more windows files 2011-07-23 11:18:21 -07:00
Nicolas Williams
1eb56edd86 Introduce Keys ::= SEQUENCE OF Key in hdb.asn1 so we can get convenience utils. 2011-07-22 16:07:08 -05:00
Nicolas Williams
689d4f4dd9 Another HDB_F_DECRYPT-isn't-critical fix. 2011-07-22 16:07:08 -05:00
Nicolas Williams
5335559845 Oops, HDB_F_DECRYPT isn't critical; making it so breaks tests. 2011-07-22 16:07:08 -05:00
Nicolas Williams
a246c394d2 Fix warnings. 2011-07-22 16:07:08 -05:00
Nicolas Williams
f2897efd09 Make the KDC path work. 2011-07-22 16:07:08 -05:00
Nicolas Williams
31974aa24c More s/int/size_t/ for iterators. Also fixed a stupid bug. 2011-07-22 16:07:06 -05:00
Nicolas Williams
cf1c898e95 Undo a s/size_t/int/. Iterators must be unsigned. 2011-07-22 16:07:05 -05:00
Nicolas Williams
0674e4b13a Ooops! Mind those tags when re-ordering ASN.1 SEQUENCEs! (hdb_keyset) 2011-07-22 16:07:05 -05:00
Nicolas Williams
53ea8ac59b Make changes to hdb_keyset type be backward-compatible. 2011-07-22 16:06:01 -05:00
Nicolas Williams
a280ed4d4c Forgot a file for the hdb_keyset backwards-compat extension. 2011-07-22 16:06:01 -05:00
Nicolas Williams
3794d8b37b Changed lib/hdb/Makefile.am to use --sequence=HDB-Ext-KeySet 2011-07-22 16:06:01 -05:00
Nicolas Williams
355ae357eb Moved set_time field of hdb_keyset to end and add extensibility marker. 2011-07-22 16:06:01 -05:00
Nicolas Williams
c2ec368c36 Add HDB extension for storing policy regarding what historic keys may be used for 2011-07-22 16:06:00 -05:00
Nicolas Williams
308e53a4a8 Initial support for filtering out "dead" historical keys. 2011-07-22 16:05:21 -05:00
Nicolas Williams
7e0a801e28 Changed decrypt key history logic and added HDB_F_ALL_KVNOS. 2011-07-22 16:05:21 -05:00
Nicolas Williams
a04721b737 Added basic policy support, w/ policy names listed in krb5.conf 2011-07-22 16:05:21 -05:00
Nicolas Williams
abd94953e2 Fixes to lock nesting code. 2011-07-22 16:04:52 -05:00
Nicolas Williams
58d72035f1 Added kadm5_lock() and unlock. 2011-07-22 16:04:52 -05:00
Nicolas Williams
109607a355 Fix uninitialized variable. 2011-07-22 16:04:52 -05:00
Nicolas Williams
6e04b05e9d Initial support for kadm5_randkey_principal_3(), needed by krb5_admin.
NOT TESTED YET.
2011-07-22 16:04:52 -05:00
Nicolas Williams
51e9da4a66 Fixed (preemptively) a double free and added password history based on key history. 2011-07-22 16:04:52 -05:00
Nicolas Williams
34189a23fe Added a flag to ensure that we don't mod/store hdb entries fetched with specified kvno. 2011-07-22 16:04:51 -05:00
Nicolas Williams
e7f385ad0d Initial patch to make the MIT KDB backend for HDB handle multiple kvnos. 2011-07-22 16:04:51 -05:00
Nicolas Williams
34bb7ae363 Fix double free. 2011-07-22 16:04:51 -05:00
Nicolas Williams
a095933ee0 We want the time that a keyset was set, not the time it was replaced. 2011-07-22 16:04:51 -05:00
Nicolas Williams
08650b573b Also encrypt the history when storing the entry. 2011-07-22 16:04:51 -05:00
Nicolas Williams
fca53990e4 Initial commit for second approach for multiple kvno. NOT TESTED! 2011-07-22 16:04:51 -05:00
Love Hörnquist Åstrand
7aaba443bc add NTMakefile and windows directories 2011-07-17 12:16:59 -07:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Jeffrey Altman
6850d6a65f avoid uninit variable and unreachable code warnings
most of these warnings are not problems because of ample
use of abort() calls.  However, the large number of warnings
makes it difficult to identify real problems.  Initialize
the variables to shut up the compilers.

Change-Id: I8477c11b17c7b6a7d9074c721fdd2d7303b186a8
2011-05-17 12:02:16 -04:00
Love Hornquist Astrand
f5f9014c90 Warning fixes from Christos Zoulas
- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code
2011-04-29 20:25:05 -07:00
Love Hornquist Astrand
7a4d4c5f4e Add HAVE_SQLITE3 that allows control if you want sqlite or not 2011-04-16 10:26:43 -07:00
Nicolas Williams
4244f13866 This makes hdb-sqlite work: moving the unseal of keys past the value2entry decoding.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-04-16 10:19:40 -07:00
Nicolas Williams
b5137810fb Various bug fixes in hdb-mitdb.c.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-04-04 22:44:58 -07:00
Nicolas Williams
941eba430b Fixed a bug by s/u16/SEEK_CURR/; the bug prevented this mitdb backend from parsing MIT KDB entries with multiple kvnos in non-increasing order.
Fixed a double-free bug that was triggered by MIT KDB entries with
multiple kvnos in non-increasing order.

Added lots of comments regarding the MIT KDB entry format.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-04-04 22:44:57 -07:00
Luke Howard
987658325e correctly decode MIT KDB flags
Patch from Nico Williams <nico@cryptonector.com>
2011-03-23 11:26:50 +11:00
Jelmer Vernooij
1ad64fe599 hdb.h: Include krb5.h first, so hdb.h can be included standalone.
This makes it a bit easier to find libhdb in e.g. configure tests and
is consistent with the main header files for the other Heimdal
libraries, none of which has any prerequisite other headers.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-01-03 11:51:09 +01:00
Love Hornquist Astrand
0a10f35897 drop unused functions 2010-11-28 11:50:42 -08:00
Love Hornquist Astrand
6c6726d76c drop hdb_fetch 2010-11-28 11:46:46 -08:00
Love Hornquist Astrand
917920e8cd implement fetch_kvno 2010-11-28 11:34:33 -08:00
Love Hornquist Astrand
38d0a72326 implement fetch_kvno 2010-11-28 11:33:24 -08:00
Love Hornquist Astrand
daa3d4753d implement fetch_kvno 2010-11-28 11:31:15 -08:00
Love Hornquist Astrand
ee8c2e45b4 use _hdb_fetch_kvno 2010-11-28 11:20:31 -08:00
Love Hornquist Astrand
c44315b6d9 add _hdb_fetch_kvno 2010-11-28 11:19:43 -08:00
Love Hornquist Astrand
617c51a150 kvno is krb5_kvno not unsigned 2010-11-28 11:19:22 -08:00